Problem with Updates - Windows, Malwarebytes,

jetta1223

New Member
Thread author
Verified
Dec 22, 2013
34
Hi Guys,

I hope I'm posting this in the correct category on the website (it's the only place I can see a button "post a thread").

I think I may have some kind of hidden malware or virus. I can't do a boot scan because my internet requires me to manually turn it on once Windows starts, therefore no possibility for a safe mode with networking.

There is something in my computer that is playing with all my updates. I don't know what it is. I used all many of the tools recommended by MalwareTips. Is somebody who is experienced in this able to possibly help me? I have Kaspersky Internet Security 2014. When I manually update it goes up to 24% and then stops there and gives me the screen "Databases and Application are up to date". I have MalwareBytes and the Update button greys out and I cannot click on it. And with Windows Updates the red flag comes up in taskbar telling me I need to choose an update method (and automatic updates is shut off).

I've tried uninstalling and reinstalling several times. I'm afraid to go on the internet without a Sandboxie.
Can somebody please help?

Thank you.
 

Attachments

  • FRST.txt
    101 KB · Views: 240
  • Addition.txt
    19 KB · Views: 151
  • aswMBR.txt
    2.1 KB · Views: 83
  • AdwCleaner[R0].txt
    1.1 KB · Views: 110

jetta1223

New Member
Thread author
Verified
Dec 22, 2013
34
The software updates feature is blocked on these programs. When I install Malwarebytes, it works in the beginning and then I am unable to choose the update function because it is no longer highlighted. Also, Kaspersky Internet Security 2014 stops at 24%; it does not complete the update. And at least once a day my Windows Updates stop functioning, and a red flag comes up in the taskbar.
 

TwinHeadedEagle

Level 41
Verified
Mar 8, 2013
22,627
1. Please download ComboFix by sUBs from here and save it to your Desktop.
If you are unsure how ComboFix works please read this guide (http://www.bleepingcomputer.com/combofix/how-to-use-combofix) carefully.
Note: ComboFix must be downloaded to your Desktop.


--------------------------------------------------------------------
2. Temporarily disable your AntiVirus program.
If you are unsure how to do this please read this (http://www.techsupportforum.com/forums/f50/how-to-disable-your-security-applications-490111.html) or this Instruction.


Note: Do not forget to turn on this option after the cleaning.

--------------------------------------------------------------------
3. Run ComboFix. Click on I Agree!

ComboFix will check if there is a newer version of ComboFix available.
Click Yes if prompted to download.
ComboFix will display DISCLAIMER OF WARRANTY ON SOFTWARE.
Click Yes to allow ComboFix to continue.
If Recovery Console is not installed, ComboFix will offer download & installation.
Click Yes to allow ComboFix to install Recovery Console.
Note: Do not mouse-click ComboFix's window while it is running.
If you see a message like "Illegal operation attempted on a registry key that has been marked for deletion" just restart the computer once more.


--------------------------------------------------------------------
4. When the tool is finished, it will produce a log report for you (typical location: C:\ComboFix.txt).
Attach the log report (ComboFix.txt) back to the topic.
 

jetta1223

New Member
Thread author
Verified
Dec 22, 2013
34
OK, I will do that. Would you recommend a product called AppGuard? And if so, can it be run together with Kaspersky and MalwareBytes?
 

jetta1223

New Member
Thread author
Verified
Dec 22, 2013
34
OK... well, I followed your instructions for running ComboFix, and through a tedious procedure I think the problem is fixed. But I had some issues afterwards accessing my browsers. I kept getting an error message that said "Windows cannot access specific device, path or file. You may not have the appropriate permission to access them." So it seems that the files were all changed. I needed to run Glary Utilities to get a browser to work so I can send you the report. So here is the report. Please let me know exactly what the problem was. Are there programs I have installed or something that may have caused this attack? I use IObit products. And Sandboxie. Also, filepuma from GlarySoft wants to update my software, should I let it, is it safe?

Can you please advise me based on what you see from the report? Many thanks.
 

Attachments

  • COMBOFIX REPORT.txt
    28.6 KB · Views: 164

jetta1223

New Member
Thread author
Verified
Dec 22, 2013
34
Thank you TwinHeadedEagle. It seems like whatever it was, was removed by ComboFix. That must be a very powerful tool! Nothing was able to find the problem... and I tried just about everything! So now I am testing to see if all my updates are working in all my programs.

I want to let you know that I had to run ComboFix two times because the first time I only disabled Kaspersky because the instructions said to disable only the Anti-Virus. So I only disabled Kaspersky. I totally forgot about Windows Defender which is automatically built in to Windows 7. And I wasn't sure if I needed to disable ALL the anti-malware/spyware programs and firewalls as well. So I only disabled the Kaspersky as per your instructions (forgetting about Defender). And as a result, during the first scan after it had found an infection, it automatically rebooted the computer. When the computer was turned back on, a blue ComboFix window PEV.3XE was trying to open and was flashing on and off the screen, consistently trying to open the window. It was very disturbing. I knew something was wrong. I figured that it was probably another protection/security software program that was blocking the window from opening, and I could not turn the programs off with this window flashing, so I had to turn my computer off and then go to Safe Mode and delete the whole ComboFix folder just so it could stop flashing. Then I disabled all my security software and reinstalled ComboFix and then ran it. The second time it worked properly. There was no reboot the second time because the infection was already deleted the first time, but I was able to finally get the log for you to view.

In the future, I really want to try not to download and install these rootkits or malware or whatever it was that was hidden so deep inside my computer. Below are some programs I've downloaded and installed recently. Can you please let me know if they are safe to use and if any of them could have been the cause? If not, then what do you think it was that caused the problem?

Programs I have installed:
Iobit - Advanced System Care
Iobit - Uninstaller
Iobit - Driver Booster
Iobit - Defragmenter 3
Neuber - Security Task Manager
Gretech - GOM Player
PC Tools- ThreatFire
Sandboxie
AppGuard (I was going to install this one)
Glary Utilities

Firefox Add-Ons:
HTTPS Everywhere - (are there problems with this? In Firefox, the eef.org page kept coming up in several tabs)
Ghostery
Adblock Plus
Download Helper

Thank you again for your help with this.
 

jetta1223

New Member
Thread author
Verified
Dec 22, 2013
34
Now this is strange... everything was fine until now (about an hour later). After ComboFix, I was able to update Kaspersky and Malwarebytes no problem, went back on the internet and just now (after 1 hour) the same issue comes up again. Exactly the same thing... Kaspersky stops at 24%. Malwarebytes does not allow updates. I tried to look at processes in Task Manager and that is not opening properly either. I only see the task and status, no tabs for processes, etc... Also a prompt came up that filled in "regedit" and something called Registry Editor shows up. Computer\HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID|CLSID I don't know what that means.

Maybe I should run the ComboFix again?
 

TwinHeadedEagle

Level 41
Verified
Mar 8, 2013
22,627
Please download Farbar Service Scanner and run it on the computer with the issue.
  • Make sure the following options are checked:
    • Internet Services
    • Windows Firewall
    • System Restore
    • Security Center/Action Center
    • Windows Update
    • Windows Defender
  • Press "Scan".
  • It will create a log (FSS.txt) in the same directory the tool is run.
  • Please copy and paste the log to your reply.
 

jetta1223

New Member
Thread author
Verified
Dec 22, 2013
34
I tried to download it but an error window comes up from C:\Users\name\Downloads\FSS.exe . It says "Windows cannot access the specified device, path or file. You may not have the appropriate permissions to access the item". I even tried running it from another login (as admin) but the window still came up.
 

jetta1223

New Member
Thread author
Verified
Dec 22, 2013
34
Does it make a difference if I was able to download/run from inside Sandboxie? Is this OK?
 

Attachments

  • FSS.txt
    2.8 KB · Views: 100

TwinHeadedEagle

Level 41
Verified
Mar 8, 2013
22,627
Download and execute these two files, restart your PC and tell me: is the update working?
 

Attachments

  • CryptSvc.reg
    3.8 KB · Views: 120
  • wuauserv.reg
    6 KB · Views: 92

jetta1223

New Member
Thread author
Verified
Dec 22, 2013
34
OK, but before I do that, I just noticed that when I go to my admin login I can update. But when I go to the standard user login the malwarebytes software does not highlight the button to update, neither does Kaspersky update more than 24%. So maybe a program or settings are affecting those updates?
 

jetta1223

New Member
Thread author
Verified
Dec 22, 2013
34
I have a feeling it may be with Internet Explorer security settings, because after I reset the add-ons and security settings back to "default" in Explorer (in the admin acct), I was able to use the updates. How would this affect MalwareBytes and Kaspersky though? I will test this now in my standard user account by putting Explorer security settings to default and then will confirm whether that is true, just a few minutes.
 

TwinHeadedEagle

Level 41
Verified
Mar 8, 2013
22,627
Do not use Standard Account for updating or to change any setting, because it will not work. You must use Admin account...

PC is clean, so we're done here. If everything is working with the Admin account, then we do not have anything to discuss.


Please download DelFix by "Xplode" to your Desktop.

Run the tool and check the following boxes below;
  • Remove disinfection tools
  • Create registry backup
  • Purge System Restore

Now click on the "Run" button. Wait for the programme to complete its work.
All the tools we used should be gone.
The tool will create and open a log report (DelFix.txt)
Note: The report will also be stored on C:\DelFix.txt

> I don't need DelFix log report.
 

jetta1223

New Member
Thread author
Verified
Dec 22, 2013
34
Well, thank you TwinHeadedEagle for helping me find those hidden infections with the ComboFix tool. I guess the Updates are of a different matter, perhaps settings or software based? I don't know how it is happening. I guess I just need to test it. Anyway, I appreciate your assistance. Have a beautiful day :)
 
